Skip to main content

Information Security Overview

Information Security Overview


1- Definition - Information security is a state of well-being of information and infrastructure in which the possibility of theft, tampering, and disruption of information and services is kept low.

2- Essential terminology
Hack value – is the notion among hackers that something is worth doing or is interesting.

Vulnerability  – is the existence of a weakness (design or implementation error) that can lead to an unexpected event compromising the security of the system.

Exploit – is a breach of an IT system security through vulnerabilities.Payload – is the part of an exploit code that performs an intended malicious action.

Zero-Day attack – is an attack that exploits the computer vulnerability before software engineer releases a patch.

Daisy Chaining – it involves gaining access to a network and /or computer and then using the same information to gain access to multiple networks and computers that contains desirable information.

Doxing – Publishing personally identifiable information about an individual or organization.

Bot – is a software application that can be controlled remotely to execute or automate predefined tasks.

Warfare – or info war refers to the use of information and communication technologies to take advantage over an opponent.

Hacking – Unauthorized attempts to bypass the security mechanisms of an information system or network.

Hacker – is a person with excellent computer skills, with the ability to create and explore the computer software and hardware.

Ethical hacking – is the use of hacking tools and tricks to identify vulnerabilities so as to ensure the system security.

3- Elements of information security 
Confidentiality : The information is only accessible by persons authorized to.
Integrity : The trustworthiness of data.Availability: systems available to whom requires them.
Authenticity : Non-repudiation: not denying sending or receiving data.

4- Levels of Security
Levels of security in any system can be defined by the strength of three components which are functionality, security, and usability.
Functionality represents the features, security represents the restrictions and usability represent the graphical user interface (GUI).
We can find a close association between these three levels and move toward one of them is losing the two others.

II - Information Security Threats and attacks

Attack = motive + method + vulnerability

Threat categories:
Network threats.Host-based threats.Applications threats.
Some threats and attack vectors:
Cloud computing threats.
Advanced Persistent Threats (APT).
Viruses and worms.
BotnetsInsider attack.

Motives behind attacks:
Information theft.
Manipulating data.
Damaging the reputation of the target.
Propagating religious or political beliefs.
Taking revenge.

III - Hackers classes and hacking phases

A. Hackers classes
Black hats: are hackers with malicious intentions.

White hats: are ethical hackers.

Grey hats: are black and white hackers.

Suicide hackers: are hackers that are not afraid of going jail or facing any sort of punishment.

Script kiddies: Unskilled hackers who use real hackers’ tools and programs.

Cyber terrorists: hackers having religious or political beliefs with motive of creating a large-scale fear.

State sponsored hackers: hackers engaged by governments.

 Hacktivists: hackers promoting a political agenda or a social change.

B. Hacking phases:


1. Reconnaissance
Reconnaissance is the preparation phase. It seeks to gather information about the target. There’s two kind of reconnaissance; active and passive.
Active reconnaissance permits direct interaction by any mean with the target.Passive reconnaissance does not permit any direct interaction with the target.

2. Scanning
Scanning is the pre-attack phase, it’s done on the basis of information gathered during recon phase. This phase includes the usage of port scanners, net mappers, and many other tools.
Information extracted by the attacker during this phase are live machine, OS detail.

3. Gaining access
Gaining access is the point where the attacker obtains access to the system or the application. The attacker can then, escalate privileges to gain a complete control of the system.

4. Maintaining access
Maintaining access is the retention the system’s owner.

5. Cleaning tracks
Clearing tracks are hiding its malicious acts to prevent being uncovered.
This was an introduction to ethical hacking covering an overview of information security, threats, and attack vectors, it also covers hacker types and hacking phases. 

Labels:

Comments

Post a Comment

Popular posts from this blog

5 ways you are being Hacked

    5 Ways You are Being Hacked W eb monitoring and mass surveillance has become a headache for most of us. Everyday some new malware makes its way into our lives through websites and applications that we use. It is important for you to know where the loopholes exist and eradicate them as soon as possible. So here are the top 5 ways people are getting hacked. 1> Password reuse It may not sound to be a serious issue but it is one of the main reason responsible for password. What people do is that they use same password for every account that exists and make it easy for an attacker to hack all of their data in one go.Make sure you have a unique and strong password for each log in. It makes it harder for us to remember each and every password ,thus password managers were created.   2>Malware downloads If you surf the web regularly and try new apps for your mobiles, chances are you already downloaded some malware or will invite them in the near future. 30,000 websites a
1 comment
Read more

How To Encrypt Keyboard To Avoid Keyloggers

How To Encrypt Keyboard To Avoid Keyloggers If we start encrypting keystrokes of a keyboard the value that keylogger will record will be different from the actual value, it means that they would only record random characters. We will be using Keyscrambler software to encrypt our keyboard. So have a look on simple steps below to implement this in your Windows PC. Steps To Encrypt Keystrokes To Avoid Keylogger Attacks :- Step 1 . First of all download and install the tool KeyScrambler. Step 2 . Now after downloading, install it and after complete installation, you have to reboot your system. Step 3 . Now when your computer boots up, right click on the icon of KeyScrambler in the system tray at the bottom of a screen. Step 4 . Now choose options from there and Keyscrambler will open and you will see the screen like below. Step 5 . Now you can alter settings in this according to your wish and after that simply click on ok. Now your key scrambler app is ready,
2 comments
Read more

The Hacker's Dictionary

               ----- The Hacker's Dictionary----- Are you new to the realm of hacking? Do you feel dumb when you don't know the meaning of a certain term?Well, then this will certainly help you out! . If you are ever unsure about anything, simply scroll down and find that specific word, then read the definition. Anything includes: Abbreviations, Phrases, Words, and Techniques.The list is in alphabetical order for convenience!                                  -----Abbreviations----- DDoS  : Distributed Denial of Service DrDoS  : Distributed Reflected Denial of Service Attack, uses a list of reflection servers or other methods such as DNS to spoof an attack to look like it's coming from multiple IPS. Amplification of power in the attack could occur. FTP  : File Transfer Protocol. Used for transferring files over an FTP server. FUD  : Fully Undetectable Hex  : In computer science, hexadecimal refers to base-16 numbers. These are numbers that use d
Post a Comment
Read more